Vendors: Can You Prove Your HIPAA Compliance?

Saturday, July 31, 2010

Jack Anderson


I found this interesting article recently talking about the data breach involving Lincoln Medical Center, Siemens, and FedEx. (link below)   The story is an excellent illustration of the new challenge for covered entities (CE). 

If the recent rules proposed by HHS go through as expected a CE is responsible for their business associates (BA) and the BAs and their subcontractors are required to be HIPAA HITECH compliant,  Many of these BAs and sub-contractors who also become BAs have never heard of HIPAA HITECH. 

HHS estimates 1 to 2 million new BAs will need to become compliant.  HHS also states that if a BA agreement exists they expect the BA to be compliant with the terms of their agreements, now.  No waiting periods, no grace periods, be compliant, now.

The next big challenge for both CEs and BAs is proving compliance.  There is no third party with authority to certify or accredit for HIPAA HITECH.  The BA needs to prove their compliance in order to get and keep their business relationships in healthcare. 

The CE is required to only do business with compliant BAs.  Our Compliance Metertm fills the gap by displaying the current level of compliance in four areas, policies, procedures, forms, and tasks. 

At a glance the CE can see whether the BA is compliant and if necessary drill down to view their policies, procedures, forms, and determine whether they have completed all of their assigned tasks.  The Helper assigned to the account also provides oversight.

We can help BAs get compliant for as little as $125 and stay compliant for as little as $35 per month.  This meets the "reasonable and appropriate" criterion specified by HHS. 

Once they are compliant they can display the Compliance Metertm or deploy it to their business partners.  A simple, cost effective and efficient method of meeting HIPAA HITECH standards and being able to prove it.

Cross-posted from Compliance Helper

Possibly Related Articles:
HIPAA Compliance
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked